Graphical Docker container

If you have not heard of Docker yet, you should listen up. Docker is a light-weight virtual machine. In a virtual machine, you have another operating system running with its own scheduler, memory and network manager in addition to the application you are virtualizing. Docker eliminates the need for these duplicate layers by leveraging the kernel of the host system. It is a more efficient use of hardware in addition to being smaller.

I have only recently started playing with Docker and I am in love. Its simplicity and elegance are mesmerizing. Typically, it is used for production build servers, and contained web applications. One of the things I struggled to use it for is putting my graphical application (such as a web browser) in a walled garden. In Docker, this problem can be solved in three different ways:
1) Use SSH X11 forwarding
2) Expose the $DISPLAY of the host machine
3) Run a VNC server in the container

Each method has its drawbacks. For the average user, #1 will pose a problem to set up. Especially on a Windows machine where you’ll need XMing or an equivalent X server. The problem with #2 is that you are now exposing parts of the host to the container. In essence, you are punching holes in your walled garden.

I settled on using #3. It is the most cross-platform solution I can think of. Docker can run on Mac OS X, Windows and of course Linux. Everything that I run is inside the container, and I can use a VNC client to access the container and run programs. To make things even sweeter, there is a VNC client called noVNC which creates an HTTP5-based webservice that can connect to your VNC server. In english, this means that you do not need to install anything on the host to access the container.

This container is available on the Docker Hub. You can use it in your own Dockerfile as a base with the FROM bandi13/vnc-webclient directive. Then you can access the container by browsing to http://127.0.0.1:5901/?password=1234. Yes, you can easily change the default password.

For now, here is a simple Dockerfile example:
FROM bandi13/vnc-webclient
RUN apt install -y firefox

Then you can do:
docker build -t vnc-firefox . && docker run --shm-size=256m -it -p 5900:5900 -p 5901:5901 vnc-firefox
This can keep you safer and more anonymous on the internet.

If you want certain programs to start when you run the container, you can copy them to /opt/startup_scripts. For example, you may have a script that starts firefox and if you expand your Dockerfile like so:
FROM bandi13/vnc-webclient
RUN apt install -y firefox
COPY startFirefox.sh /opt/startup_scripts/startFirefox.sh

Now you have firefox automatically start. Easy peasy.

Liked it? Take a second to support me on Patreon!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.